XPath Injection
Description
The input values included in SQL queries need to be passed in safely. Bind variables in prepared statements can be used to easily mitigate the risk of SQL injection.
Examples
Insecure Code

```scala
import javax.xml.xpath.XPathFactory
import org.w3c.dom.Document

// Vulnerable: userInput is concatenated into the expression text, so quote
// characters in the value change the structure of the predicate.
def findUser(document: Document, userInput: String): String = {
  val xpath = XPathFactory.newInstance().newXPath()
  xpath.evaluate("//user[name='" + userInput + "']", document)
}
```

Secure Code

```scala
import javax.xml.namespace.QName
import javax.xml.xpath.{XPathFactory, XPathVariableResolver}
import org.w3c.dom.Document

// The expression is a constant; userInput is supplied as the value of the
// XPath variable $user through the standard XPathVariableResolver, so the
// engine only ever compares it as data.
def findUser(document: Document, userInput: String): String = {
  val xpath = XPathFactory.newInstance().newXPath()
  xpath.setXPathVariableResolver(new XPathVariableResolver {
    override def resolveVariable(name: QName): AnyRef =
      if (name.getLocalPart == "user") userInput else null
  })
  xpath.evaluate("//user[name=$user]", document)
}
```

Remediation
Use prepared statements with bind variables to prevent XPath injection.
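The following is an added, runnable illustration of the contrast above; it is not part of the rule page and does not use the Scala/javax API shown there. It uses Ruby's REXML, whose `XPath.match` accepts a variables hash, so the same query can be evaluated once with the value spliced into the expression text and once with the value bound to `$user`. The XML document, the function names and the inputs are all constructed for the example.

```ruby
require "rexml/document"

# Constructed sample document (not from the page) standing in for the
# `document` that the page's snippets query.
USERS_XML = <<~XML
  <users>
    <user><name>alice</name><role>admin</role></user>
    <user><name>bob</name><role>staff</role></user>
  </users>
XML

# Insecure: the untrusted value is spliced into the expression text, so any
# quote or operator characters in it become part of the predicate's syntax.
def find_users_concat(xml, user_input)
  doc = REXML::Document.new(xml)
  REXML::XPath.match(doc, "//user[name='#{user_input}']")
end

# Secure: the expression is a fixed string and the value is bound to the
# XPath variable $user; REXML compares it as a string value, never as syntax.
def find_users_bound(xml, user_input)
  doc = REXML::Document.new(xml)
  REXML::XPath.match(doc, "//user[name=$user]", {}, { "user" => user_input })
end

if __FILE__ == $0
  benign  = "bob"
  # Constructed input containing a quote that closes the literal and appends
  # an always-true clause; with concatenation it matches every user.
  hostile = "x' or '1'='1"
  puts "concat/benign : #{find_users_concat(USERS_XML, benign).size} match(es)"
  puts "concat/hostile: #{find_users_concat(USERS_XML, hostile).size} match(es)"
  puts "bound/benign  : #{find_users_bound(USERS_XML, benign).size} match(es)"
  puts "bound/hostile : #{find_users_bound(USERS_XML, hostile).size} match(es)"
end
```

With the concatenated form the hostile value returns both users, because the predicate has been rewritten; with the bound form the same value returns nothing, because no user has that literal name. A detection rule for this pattern therefore looks for string building or interpolation flowing into the expression argument of an XPath evaluation call, and treats use of a variable resolver (or an equivalent binding API) as the fix.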
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0082 |
| Category | Injection |
| Severity | MEDIUM |
| CWE | CWE-611 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | SQL Injection, XPath Injection |
| OWASP | N/A |